Recent Threats dashboard.
The Recent Threats dashboard is your main entry point into Liberty91. It shows the most recent Events in the threat landscape, ordered chronologically so the newest reporting sits at the top. By default it presents three columns: Open Source on the left, Premium Feeds in the middle, and X (formerly Twitter) on the right.
The three columns
Each column groups Events by where they came from.
- Open Source (left) holds everything freely available on the internet, such as security blogs, vendor write-ups, government advisories, and vulnerability reports.
- Premium Feeds (middle) holds reporting that is not open to everyone. This includes a dark web feed if you have turned it on, premium vendor reporting brought in through a paid account or integration, and reports you import yourself.
- X (right) is a standalone feed that lives on the far right of the screen and surfaces new posts from the security researchers you follow.
What each Event card shows
Every Event displays the name, the source, and all of the MITRE ATT&CK codes the platform found described in that report, so you can read the technical shape of a report at a glance.
Any Threat Entities you hold in your Threat Library are color-coded where they appear on a card, which lets you identify what is being described without opening the Event:
| Entity type | Color |
|---|---|
| Threat Actors | Orange |
| Malware | Teal |
| Vulnerabilities | Black or white, depending on light or dark mode |
Enrichment Opportunities
In some cases an Event card surfaces an Enrichment Opportunity. This appears when the Event contains at least one Indicator of Compromise that an enabled Module has matched to a known threat.
For example, if you have MISP connected and an IOC mentioned in the report is also found in your MISP instance, or if OTX, CrowdStrike, or Group-IB links that IOC to a particular malware or threat actor, the platform surfaces the match. From there you can create a follow-up Threat Card and build on the link the Module found.
Enrichment Opportunities depend on the Modules you have turned on. Enabling a free Module like AlienVault OTX is a quick way to start seeing IOC-based links appear on your Events. See how IOC enrichment and decay scoring work.
Where to go next
The Recent Threats dashboard answers "what is new right now." Two related dashboards answer different questions:
- The Critical Threats dashboard reorders the same Events by criticality rather than time.
- The Top Threats dashboard shows only the handful of Threat Entities you have marked as Top Threats.
Frequently asked questions
Why are some Events shown in a separate Premium Feeds column?
The Premium Feeds column holds reporting that is not freely available: a dark web feed if you have enabled it, premium vendor reporting you bring in through a Module, and your own imports. Freely available internet reporting appears in the Open Source column instead.
What does an Enrichment Opportunity on an Event mean?
It means the Event contains at least one Indicator of Compromise that an enabled Module has matched to a known threat. You can act on it to create a follow-up Threat Card and build on the link the Module found.